Executive Summary
Summary | |
---|---|
Title | Microsoft Jet Engine stack buffer overflow |
Information | |||
---|---|---|---|
Name | VU#936529 | First vendor Publication | 2008-03-22 |
Vendor | VU-CERT | Last vendor Modification | 2008-05-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#936529
Microsoft Jet Engine stack buffer overflow

Overview
The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description
Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, including Access and Visual Basic. A Microsoft Access database uses the .MDB file extension by default. The Microsoft Jet Engine contains a stack buffer overflow in the handling of specially crafted database files.

Microsoft Word can link to Jet databases. In some cases, the database can be opened without prompting the user. This can allow Microsoft Word documents to be used as an attack vector for this vulnerability. Microsoft Outlook can also be used as an attack vector by either opening a specially crafted email message or by viewing such a message in the preview pane.

This issue is addressed in Microsoft Security Bulletin MS08-028.
"Standard Jet DB"
"Temp Jet DB "
"MSISAM Database"

According to Microsoft, this can be accomplished in the following ways:

Manual (User Interaction)
1. Restart the machine.
2. Open Outlook.
3. Click Tools, click Options, and then click the Mail Format tab.
4. Clear the Use Microsoft Word to edit e-mail messages check box.
5. Clear the Use Microsoft Word to read Rich Text e-mail messages box.
6. Exit Outlook.
7. Restart the machine.

Impact of Workaround: Users will not be able to use Word as their e-mail editor or use Rich Text to read their e-mail.
For information on using registry keys with a Group Policy see Using Administrative Template Files with Registry-Based Group Policy and Distributing Registry Changes.

Disable WordMail in Word 2003

    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Options\Mail]
    "EditorPreference"=dword:00020000
    "UseWordMail"=dword:00000000

Disable WordMail in Word 2002

    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail]
    "EditorPreference"=dword:00020000
    "UseWordMail"=dword:00000000

Impact of Workaround: Users will not be able to use Word as their e-mail editor or use Rich Text by default to read their e-mail.

To implement the workaround, enter the following command at a command prompt:

    echo y| cacls "%SystemRoot%\system32\msjet40.dll" /E /P everyone:N

Systems Affected
References
http://www.kb.cert.org/vuls/id/176380

This vulnerability was publicly reported by cocoruder.
This document was written by Will Dormann.
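The three identifier strings quoted in the note can be used to recognise Jet database content regardless of file name, which is the same kind of file-magic check the FILE-IDENTIFY rules listed on this page perform. The following is an added example, not part of the CERT note or of any vendor tooling; the 32-byte header window, the function names and the sample inputs are assumptions made for the illustration.

```python
from typing import Optional

# Identifier strings quoted in the vulnerability note, mapped to the labels
# used by the FILE-IDENTIFY rule descriptions on this page.
JET_IDENTIFIERS = {
    b"Standard Jet DB": "JSDB",
    b"Temp Jet DB": "TJDB",
    b"MSISAM Database": "MSISAM",
}

# Assumption: the identifier sits within the first 32 bytes of the file.
HEADER_WINDOW = 32
# .mdb is the default Access extension according to the note.
DB_EXTENSIONS = (".mdb",)


def jet_identifier(data: bytes) -> Optional[str]:
    """Return the label of the Jet identifier found in the header, if any."""
    header = data[:HEADER_WINDOW]
    for magic, label in JET_IDENTIFIERS.items():
        if magic in header:
            return label
    return None


def triage_attachment(filename: str, data: bytes) -> str:
    """Decide on content, not on the extension the sender chose."""
    label = jet_identifier(data)
    if label is None:
        return "allow"
    if filename.lower().endswith(DB_EXTENSIONS):
        return f"quarantine: Jet database ({label})"
    return f"quarantine: Jet database ({label}) under non-database name"


# Constructed samples: a minimal header carrying the identifier, and a text
# file that only mentions the string well past the header window.
SAMPLE_MDB = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
SAMPLE_TEXT = (b"Notes on database formats. The header of an MDB file "
               b"contains Standard Jet DB.")

if __name__ == "__main__":
    for name, blob in [("report.mdb", SAMPLE_MDB),
                       ("invoice.doc", SAMPLE_MDB),
                       ("notes.txt", SAMPLE_TEXT)]:
        print(f"{name}: {triage_attachment(name, blob)}")
```

Restricting the match to the header window keeps documents that merely mention the strings from being flagged.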
Original Source
Url : http://www.kb.cert.org/vuls/id/936529 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5578 | |||
Oval ID: | oval:org.mitre.oval:def:5578 | ||
Title: | Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-6026 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Jet 4.0 Database Engine |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 6 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Jet Engine MDB file ColumnName buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-03 | Name : Windows Vulnerability in Microsoft Jet Database Engine File : nvt/win_CVE-2007-6026.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44880 | Microsoft Windows msjet40.dll MDB File Handling Overflow A remote overflow exists in Microsoft Jet (msjet40.dll). The DLL fails to bounds check user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
43464 | Microsoft Jet Database Engine Word File Handling Unspecified Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-05-15 | IAVM : 2008-A-0030 - Microsoft Jet Database Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0016013 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Access MSISAM file magic detected RuleID : 23718 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access TJDB file magic detected RuleID : 23717 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access JSDB file magic detected RuleID : 23716 - Revision : 7 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access file magic detected RuleID : 23715 - Revision : 8 - Type : FILE-IDENTIFY |
2015-05-28 | Microsoft Access hciR obfuscated download attempt RuleID : 13634 - Revision : 5 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Office Access MSISAM file magic detected RuleID : 13633 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access TJDB file magic detected RuleID : 13630 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access JSDB file magic detected RuleID : 13629 - Revision : 18 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Office Access file magic detected RuleID : 13626 - Revision : 22 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-05-13 | Name : Arbitrary code can be executed on the remote host through the database engine. File : smb_nt_ms08-028.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-04-15 13:28:39 |
|
2013-05-11 00:57:29 |
|